14603 matches found
Debug Log Manager < 2.3.2 - Unauthenticated Stored Cross-Site Scripting
Description The Debug Log Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
Backup Migration < 1.4.4 - Information Exposure via Log Files
Description The Backup Migration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.3 via log files. This makes it possible for unauthenticated attackers to extract potentially sensitive information via log files...
QR Code Composer < 2.0.4 - Subscriber+ Stored XSS
Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...
Cornerstone < 0.8.1 - Reflected Cross-Site Scripting
Description The Cornerstone plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages th...
AI Infographic Maker < 4.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The AI Infographic Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Import Content in WordPress & WooCommerce with Excel < 4.3 - Reflected Cross-Site Scripting
Description The Import Content in WordPress & WooCommerce with Excel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CBX Bookmark & Favorite < 1.7.22 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The CBX Bookmark & Favorite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.7.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More < 13.2.6 - Reflected Cross-Site Scripting
Description The Product Feed PRO for WooCommerce by AdTribes – WooCommerce Product Feeds for Google, Facebook/Meta, Bing, & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 13.2.5 due to insufficient input sanitization and output...
Netgsm < 2.9.1 - Reflected Cross-Site Scripting
Description The Netgsm plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...
Simple Membership < 4.4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swpmpaypalsubscriptioncancellink' shortcode in all versions up to, and including, 4.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. Thi...
Active Products Tables for WooCommerce < 1.0.6.3 - Missing Authorization
Description The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getsmth function in all versions up to, and including, 1.0.6.2. This makes it possib...
Mortgage Calculators WP < 1.60 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Mortgage Calculators WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Base64 Encoder/Decoder <= 0.9.2 - Reflected XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Make a logged in admin open the URL below...
Seriously Simple Podcasting < 3.1.0 - Reflected Cross-Site Scripting
Description The Seriously Simple Podcasting plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
EnvíaloSimple: Email Marketing y Newsletters < 2.3 - Reflected Cross-Site Scripting
Description The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders < 5.9.16 - Contributor+ Stored Cross-Site Scripting
Description The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the eaelteammembersimagerounded parameter in the Team Members widget in all versions up to, and including, 5.9.15 d...
SP Project & Document Manager <= 4.71 - Subscriber+ File Download via IDOR
Description The plugin lacks proper access controllers and allows a logged in user to view and download files belonging to another user PoC As a logged in user, send a GET request: GET /wp-admin/admin-ajax.php?action=cdmfilelist=3CHANGE HERE=0CHANGE HERE=&=1708406394720 You can view files and...
WordPress Automatic Plugin < 3.93.0 Cross-Site Request Forgery
Description The WordPress Automatic Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.92.1. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an...
WP 2FA – Two-factor authentication for WordPress < 2.6.3 - Reflected Cross-Site Scripting
Description The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Shortcodes Ultimate < 7.1.2 - Contributor+ Stored XSS
Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin PoC Add the following shortcode to a post: sulightbox src='123"onmouseover="alert1"'Cli...
ElementsKit Elementor addons < 3.1.1 - Contributor+ Local File Inclusion via Onepage Scroll Module
Description The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generatenavigationmarkup function of the Onepage Scroll module. This makes it possible for authenticated attackers, with contributor-level...
CM Tooltip Glossary < 4.3.0 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF
Description The plugin does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack PoC Make a logged in admin open an HTML file containing the following:...
WP-Lister Lite for eBay < 3.6.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting
Description The WP-Lister Lite for eBay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 3.5.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-lev...
FOX – Currency Switcher Professional for WooCommerce < 1.4.1.9 - Unauthenticated Arbitrary Shortcode Execution
Description The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on...
Slider by 10Web – Responsive Image Slider < 1.2.55 - Reflected Cross-Site Scripting
Description The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
Forminator < 1.29.3 - Admin+ SQL Injection
Description The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 1.29.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation...
DSGVO Youtube < 1.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The DSGVO Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds < 4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The Tagembed: Embed Twitter Feed, Google Reviews, YouTube Videos, TikTok, RSS Feed & More Social Media Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.8 due to insufficient input sanitization and output escaping on user...
SP Project & Document Manager <= 4.71 - Data Update via IDOR
Description The plugin is missing validation in its upload function, allowing a user to manipulate the userid to make it appear that a file was uploaded by another user PoC 1. Select to upload a file through the plugin 2. Intercept the request: Example: ------WebKitFormBoundaryX4YnPgSA4oPHlNjv...
3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin < 3.63 - Reflected Cross-Site Scripting
Description The 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 3.62 due to insufficient input sanitization and output escaping. This makes it possible for...
WP-Recall – Registration, Profile, Commerce & More < 16.26.6 - Insecure Direct Object Reference
Description The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 16.26.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with...
Interactive World Maps < 2.5 - Reflected Cross-Site Scripting
Description The Interactive World Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search s parameter in all versions up to, and including, 2.4.14 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
HL Twitter <= 2014.1.18 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Have a logged in admin open an HTML page containing:...
WP Prayer <= 2.0.9 - Email Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Make a logged in admin open an HTML file containing:...
WordPress Simple HTML Sitemap < 2.9 - Reflected Cross-Site Scripting
Description The WordPress Simple HTML Sitemap plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Master Slider < 3.9.7 - Unauthenticated PHP Object Injection
Description The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.9.5 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is...
Language Switcher for Transposh < 1.6.0 - Reflected Cross-Site Scripting
Description The Language Switcher for Transposh plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
Photo Gallery - GT3 Image Gallery & Gutenberg Block Gallery < 2.7.7.22 - Authenticated (Author+) Cross-Site Scripting
Description The Photo Gallery – GT3 Image Gallery & Gutenberg Block Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.7.7.21 due to insufficient input sanitization and output escaping. This makes it possible for...
Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) < 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Sina Fancy Text Widget
Description The Sina Extension for Elementor Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Fancy Text Widget in all versions up to, and including, 3.5.2...
HelloAsso < 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting
Description The HelloAsso plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-leve...
WP 404 Auto Redirect to Similar Post < 1.0.5 - Reflected Cross-Site Scripting via Debug Mode URI
Description The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the URI in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
Forminator < 1.15.4 - Reflected Cross-Site Scripting
Description The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.15.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
WP Prayer <= 2.0.9 - Arbitrary Prayer Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks PoC Make and admin open a URL where is any valid prayer ID: https://example.com/wp-admin/admin.php?page=wpemanageprayer=deleteid=...
WP Smart Import : Import any XML File to WordPress < 1.1.0 - Authenticated (Author+) Stored Cross-Site Scripting
Description The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
month name translation benaceur < 2.3.8 - Admin+ Stored XSS
Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup PoC 1. Go to...
WP Prayer <= 2.0.9 - Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Make a logged in admin open a page containing:...
Tutor LMS – eLearning and online course solution < 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode
Description The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tutorinstructorlist' shortcode in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping on user suppli...
BA Book Everything < 1.6.9 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to 1.6.9 exclusive due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
Backend Designer < 1.4 - Authenticated (Admin+) Stored Cross-Site Scripting
Description The Backend Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...